After migrating companies from on-premises exchange to Office 365, user may see the following error.

"The security certificate has expired or is not yet valid"

This is because the local exchange server, although switched off still runs the IIS portion of exchange. The OWA is pointing users Outlook to look the the previous certificate that was used, not Microsoft's servers.

To fix this we need to amend the AutoDiscoverServiceInternalUrl value.

1. Log on to the old on-premeises exchange and start the Exchange Power Shell

2. Check current value by running:

Get-ClientAccessServer -Identity "[SERVERNAME]" | Format-List

I would recommend screen taking a screen shot of this in case you need to revert back. Next, ping your office 365 autodiscover record and verify it's correct. E.g.